Ecommerce Listing

Security checks across malware telemetry and agentic risk

Overview

This skill appears to scrape public e-commerce listing pages and has no evidence of hidden exfiltration, credential use, or destructive behavior.

Install only if you want an agent to browse public e-commerce listing pages and extract visible product data. Expect uneven results across sites and filters, and be aware it may keep a small local memory file of scraping issues in the working directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 98%
Finding
This is a mismatch because the description promises a much broader product-search and filtered extraction capability than the code implements. The code does not perform searches, does not apply any filters, does not crawl through multiple pages, and does not specifically support several named platforms like Walmart or Google Shopping. Instead, it only generates JavaScript for in-page scraping of listing cards using site-specific/generic selectors and a separate next-page detector. There is no hidden unrelated behavior, but the declared functionality materially overstates what the code actually does.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
L033 states the operational boundary is limited to reading data already displayed in the browser. However, L157-L162 document reading a local memory file before execution and appending new entries after execution, which is a persistent side effect outside that read-only boundary.

Context-Inappropriate Capability

Low
Confidence: 85%
Finding
The manifest describes a scraper that extracts paginated product data from listing/search pages. Maintaining and appending to a local execution-history memory file is not an obvious requirement for that extraction task and introduces additional capability beyond the stated product-listing purpose.

Vague Triggers

Medium
Confidence: 92%
Finding
The manifest description includes very broad 'Use when' phrases such as 'search for products', 'list products from a site', and 'get all products from category' without explicit trigger constraints or negative examples. For a manifest file, this can cause ambiguous activation because these phrases overlap with ordinary user requests that may not intend this specific scraping workflow.

Missing User Warnings

Medium
Confidence: 96%
Finding
This markdown file explicitly directs the agent to read and append to a file under the working directory, which is a data-modifying operation. Although the behavior is described operationally, it does not warn the user that running the skill may create or modify a persistent local file containing execution history.

VirusTotal

64/64 vendors flagged this skill as clean.
